Threat Predictions for Financial Services and Fraud in 2018

The landscape in 2017

In 2017 we’ve seen fraud attacks in financial services become increasingly account-centric. Customer data is a key enabler for large-scale fraud attacks and the frequency of data breaches among other successful attack types has provided cybercriminals with valuable sources of personal information to use in account takeover or false identity attacks. These account-centric attacks can result in many other losses, including that of further customer data and trust, so mitigation is as important as ever for businesses and financial services customers alike.

What can we expect in 2018?

2018 will be a year of innovation in financial services as the pace of change in this space continues to accelerate. As more channels and new financial service offerings emerge, threats will diversify. Financial services will need to focus on omni-channel fraud prevention to successfully identify more fraud crossing from online accounts to newer channels. Newer successful payment types will see more attack attempts as their profitability for attack increases.

Real-time payment challenges. Increasing demand from consumers for real-time and cross-border financial transactions results in pressure to analyse risk more quickly. Consumer expectations for friction-free payments make this task even more challenging. Financial services will need to rethink and make ‘Know Your Customer’ processes more effective. Machine learning and eventually AI-based solutions will also be key in meeting the need for quicker fraud and risk detection.

The big risk here is that the growing demand for superfast, easy transactions (including instant cross-border payments) means that banks, payments systems etc. have to make ever quicker decisions about the integrity of a transaction, and this increases the likelihood of mistakes and fraud slipping through the net. The solution is not to reduce checks but to make them more effective while still faster. This is where the AI/machine learning systems will really help.

Social engineering attacks. Financial services will need to stay focused on tried and tested attack techniques. In spite of more sophisticated emergent threats, social engineering and phishing continue to be some of the simplest and most profitable attacks – exploiting the human element as the weakest link. Customer and employee education should continue to improve awareness of the latest attacks and scams.

Mobile threats. According to the latest Kaspersky Cybersecurity Index, ever more online activity now takes place on mobile. For example, 35 per cent of people now use their smartphone for online banking and 29 per cent for online payment systems (up from 22 per cent and 19 per cent respectively in the previous year). These mobile-first consumers will increasingly be prime targets for fraud. Cybercriminals will use previously-successful and new malware families to steal user banking credentials in creative ways. In 2017 we saw the modification of malware family Svpeng. In 2018, other families of mobile malware will re-surface to target banking credentials with new features. Identification and the removal of mobile malware is essential to financial services institutions to stop these attacks early.

Data breaches. Data breaches will continue to make the headlines in 2018 and the secondary impact on financial institutions will be felt through fake account set ups and account take-over attacks. Data breaches, although harder to commit than individual fraud attacks against customers, are hugely profitable to criminals thanks to the high volume of customer data exposed in one hit. Financial services should regularly test their defences and use solutions to detect any suspicious access at the earliest stages.

Financial organizations have informed us of a rise in suspicious credential checks and login attempts following data breaches, such as multiple login attempts for a range of accounts all coming from the same set of IPs or devices.

Cryptocurrency targets. More financial institutions will explore the application of cryptocurrencies, making attacks on these currencies a key target for cybercriminals. We already saw the occurrence of mining malware increasing in 2017 and more attempts to exploit these currencies will be seen in 2018. Solutions capable of detecting the latest malware families should be used as well as combining the latest threat intelligence into prevention strategies. [See Threat Predictions for Cryptocurrencies for further information on this threat.]

Account takeover. More secure physical payments through chip technology and other Point of Sale improvements, have shifted fraud online in the past decade. Now, as online payment security improves through tokenisation, biometric technology and more, fraudsters are shifting to account takeover attacks. Industry estimates suggest fraud of this type will run into billions of dollars as fraudsters pursue this highly profitable attack vector. Financial services will need to rethink digital identities and use innovative solutions to be sure that customers are who they say they are, every time.

According to Financial Fraud Action UK, account takeover is increasing each year (e.g. 5% increase from 2015 to 2016); while Forrester estimates that it causes at least $6.5 billion in annual losses, a figure that is set to rise over the coming years.

Pressure to innovate. More and more businesses will venture into payment solutions and open banking offerings in 2018. Innovation will be key to incumbent financial service firms seeking a competitive advantage over an increasing number of competitors. But understanding the regulatory complications can be challenging enough, never mind evaluating the potential for attack on new channels. These new offerings will be targets for fraudsters upon release and any new solution not designed with security at the core will find itself an easy target for cybercriminals.

Examples of banking innovation include online payments company, Square introducing a bitcoin exchange for customers, and social media network, Facebook obtaining a banking licence in 2016.

Fraud-as-a-Service. International underground communication amongst cybercriminals means that knowledge is shared quickly and attacks can spread globally even faster. Fraud services are offered on the dark web, from bots and phishing translation services to remote access tools. Less experienced cybercriminals purchase and use these tools, meaning more attempted attacks for financial services to block. Sharing knowledge across departments as well as looking to threat intelligence services will be key in mitigation.

The main trend is diversification of the threat, as fraud monitoring systems improve and attackers need to be more creative and versatile. The number of topics being discussed on the underground is growing, including conversations about how to set up fake accounts or bypass security at particular banks etc.

ATM attacks. ATMs will continue to attract the attention of many cybercriminals. In 2017, Kaspersky Lab researchers uncovered, among other things, attacks on ATM systems that involved new malware, remote and fileless operations, and an ATM-targeting malware called ‘Cutlet Maker’ that was being sold openly on the DarkNet market for a few thousand dollars with a step-by-step user guide. Kaspersky Lab has published a report on future ATM attack scenarios targeting ATM authentication systems.